•IoT botnet activity represented 78% of malware detection events in
communication service provider networks in 2018, more than double the
rate seen in 2016, when IoT bot activity was first seen in meaningful
numbers

•IoT bots now make up 16% of infected devices in CSP networks, up
significantly from 3.5% a year ago

•Malware threats against IoT devices could get worse as consumer
adoption of such devices accelerate in the years ahead as 5G
capabilities - including extreme broadband, ultra-low latency
connectivity, and massive networking - advance

December 5, 2018

The
use of malicious software to attack IoT devices like smart home security
monitoring systems is rising substantially and growing more
sophisticated as cyber criminals take advantage of lax security, Nokia's
Threat Intelligence Report 2019 warned on Tuesday.

Driven by financial and other nefarious purposes, IoT botnet activity
accounted for 78% of malware detection events in communication service
provider (CSP) networks in 2018, according to the report, which is based
on data aggregated from monitoring network traffic this year on more
than 150 million devices globally where Nokia's NetGuard Endpoint
Security product is deployed.

That is up sharply from 33% in 2016, when IoT botnets were first seen in
meaningful numbers. A botnet is a system of computers that can be
infected with malicious software and controlled by a single computer for
doing things like stealing bank account information and shuttering web
sites.

"Cyber criminals are switching gears from the traditional computer and
smartphone ecosystems and now targeting the growing number of vulnerable
IoT devices that are being deployed. You have thousands of IoT device
manufacturers wanting to move product fast to market and, unfortunately,
security is often an afterthought," said Kevin McNamee, director of
Nokia's Threat Intelligence Lab and lead author of the report. In 2018,
IoT bots made up 16% of infected devices in CSP networks, up
significantly from the 3.5% observed in 2017.

As an indicator of the rising threat, the report found that
malware-infected crypto-coin mining is expanding from high-end servers
with specialized processors to IoT devices as well as smartphones and
web browsers. Crypto-coin mining is generally the process by which
crypto currency transactions are verified and added to blockchain
technology systems.

"Cyber criminals have increasingly smart tools to scan for and to
quickly exploit vulnerable devices, and they have new tools for
spreading their malware and bypassing firewalls. If a vulnerable device
is deployed on the internet, it will be exploited in a matter of
minutes," McNamee said.

Also
explaining some of the rise in IoT device malware infection rates is the
fact that attacks on mobile and fixed networks in 2018 decreased from
previous years. This is a result not only of cyber criminals looking
further afield for softer targets, like IoT devices, but of
better-protected networks, platforms and mobile devices that are
designed and built with security in mind.

The Nokia NetGuard security suite provides protection against a wide
variety of bots and malware. The suite aggregates, analyses and
correlates security data from a variety of sources, including endpoint
detection software, to help security teams control risks and costs and
to improve decision making.

The NetGuard Endpoint Security software includes an IoT behavioral
anomaly detection component that is capable of constantly tracking
devices against security threats. The individual traffic profiles of any
device, including an IoT device, are machine-learned automatically by
the Endpoint system; any anomalies detected triggers immediate
trouble-shooting against threats.